First Workshop on Proof eXchange for Theorem Proving

Background

The goal of this new workshop is to bring together researchers working
on proof production from automated theorem provers with potential
consumers of proofs. Machine-checkable proofs have been proposed for
applications like proof-carrying code and certified compilation, as
well as for exchanging knowledge between different automated reasoning
systems. For example, interactive theorem provers can import results
from otherwise untrusted high-performance solvers, by means of proofs
the solvers produce. In such situations, one automated reasoning tool
can make use of the results of another, without having to trust that
the second tool is sound. It is only necessary to be able to
reconstruct a proof that the first tool will accept, in order to
import the result without increasing the size of the trusted computing
base.

This simple idea of proof exchange for theorem proving becomes quite
complicated under the real-world constraints of highly complex and
heterogeneous proof producers and proof consumers. For example, even
the issue of a standard proof format for a single class of solvers,
like SMT solvers, is quite difficult to address, as different solvers
use different inference systems. It may be quite challenging, from an
engineering and possibly also theoretical point of view, to fit these
into a single standard format. Emerging work from several groups
proposes standard meta-languages or parametrized formats to achieve
flexibility while retaining a universal proof language.

Topics

Topics of interest for this workshop include all aspects of proof
exchange among automated reasoning tools. More specifically, some
suggested topics are:

Important dates:

Proceedings

Program

08:55 - 09:00

Welcome

Session 1:

Chair: Stephan Schulz

09:00 - 10:00

Jasmin BlanchetteInvited Talk: Proof Search and Proof Reconstruction in SledgehammerSlides
Abstract: Sledgehammer is a popular tool included with the Isabelle/HOL interactive theorem prover that discharges interactive goals using resolution provers (E, SPASS, Vampire) and SMT solvers (CVC3, Yices, Z3). The main difficulty with proof search is to encode type information efficiently, including polymorphism. For SMT solvers, we monomorphize the problem and map the resulting ground types to SMT-LIB sorts. For resolution provers, we experimented with a menagerie of type encodings and selected the most appropriate encoding for each prover, sacrificing soundness for efficiency in some cases.
For proof reconstruction, several schemes are supported: (1) SMT solvers can be trusted and used as oracles; (2) Z3 proofs are replayed step by step and can be stored as certificates to speed up replay; (3) from resolution proofs, Sledgehammer extracts the used lemmas and attempts to re-find the proofs in Isabelle; (4) experimentally, we also implemented structured Isabelle proof construction from resolution proofs. This last scheme is the most promising, and we are currently working on improving the readability of the proofs and add support for SMT proofs.
Joint with PSATTT'11

John HarrisonInvited Talk:
Heterogeneous Theorem Proving,
Certification, and Integrated AutomationSlides
Abstract: Theorem provers are being used for an increasing variety of
applications in both formal verification and the formalization of
mathematics. However, as these applications grow more complex and
diverse, it is increasingly difficult to use a single tool for
the entire process. Formal verification activities at Intel use a
diverse range of tools and methods: for instance some arithmetic
proofs use a combination of symbolic simulation and inductive theorem
proving, while some protocol proofs use a combination of model
checking and ad-hoc state abstraction programs. A similar situation
arises in pure mathematics, with the Flyspeck project to formalize
the proof of the Kepler conjecture requiring the formalization of
results reached by linear and nonlinear optimization software and
ad-hoc graph enumeration software, and with some parts of the formal
proof done in different theorem provers.
It is thus very desirable to have a principled way of connecting all
these tools and methods. Combining them by hand or by ad-oc programs
gives rise to two problems: transcription errors at the interfaces
between systems, and the increasing difficulty of trusting a large
heterogeneous collection of tools. At the very least, one would hope
to be able to transfer results in a meaningful way even between
systems with different (and perhaps ill-specified) logical
foundations. More ambitiously, one would wish to be able to transfer
proofs or other "certificates" between such tools, so that logical
soundness can be maintained by a complete and rigorous check on all
results obtained, perhaps via a general interactive theorem prover
that ties all the results together, or a separate and very simple
"proof checker". Recent years have seen an increasing number of
examples where external tools are used to generate relatively simple
certificates that can be checked by other tools. We will survey some
interesting examples where this process seems easy and successful and
those where it seems difficult, and examine alternative approaches.
Finally, even assuming that an interactive theorem prover is equipped
with a panoply of classic decision procedures and mathematical
solvers, there are still deep challenges in integrating the inferences
that these tools can do in isolation, and we will examine some of the
challenges and opportunities here.
Joint with PSATTT'11